
Columns: Jira No | Summary | Description | Status | Solution

Summary: Topic suggestion from OOM

Description:

Jack shared a problem with legacy basic authentication on API communication (example: DCAE to AAI HTTP communication with a fixed clear-text password in an OOM configuration file).

We need to look for the cases where ONAP still uses a legacy authentication method and get rid of it in favor of the service mesh.

The service mesh shall take care of mutual TLS authentication between ONAP components, and authorization policies shall restrict which components are allowed to communicate with each other.

In Montreal all ONAP components will be forced to use only the service mesh, and MSB will not be available.

Status: started

Solution:

Draft presentation to be prepared by Amy with the Global Requirement and shared with the ONAP community.

TSC meeting to be used for an intro on the legacy basic authentication topic.

Infosys team to be contacted about their potential contribution in the Montreal release to the removal of legacy basic authentication.
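As an added illustration of the point above (not taken from the minutes, from OOM, or from any ONAP chart), the fragment below shows the weak pattern the minutes describe, a static clear-text basic-auth credential in a values file, beside the mesh-native replacement: an Istio PeerAuthentication that forces mutual TLS for the namespace, and an AuthorizationPolicy that lets only an identified caller reach the target workload. The namespace "onap", the service-account names "dcae" and "aai", the host "aai.onap", the label "app: aai" and the credential values are assumptions made for the example.

```yaml
# Added illustration, not ONAP/OOM code. Namespace, service-account names,
# host, label and credential values are assumptions for the example.

# --- Before: legacy basic auth in a values file (the pattern the minutes describe) ---
# The credential is clear text, identical in every deployment, and readable by
# anyone with access to the chart, the ConfigMap or the container filesystem.
aai:
  url: http://aai.onap:8080        # plain HTTP, no peer authentication at all
  auth:
    type: basic
    username: AAI
    password: AAI                  # clear-text, static, shipped with the chart

---
# --- After (1): mesh-native mutual TLS for the whole namespace ---
# With mode STRICT the sidecars accept only mTLS, so every caller is identified
# by its SPIFFE identity cluster.local/ns/<namespace>/sa/<serviceaccount>.
# A plain-HTTP client without a sidecar is rejected at the transport layer.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: onap
spec:
  mtls:
    mode: STRICT

---
# --- After (2): authorization policy on the AAI workload ---
# Once an ALLOW policy selects a workload, Istio denies every request that does
# not match one of its rules. Here only the DCAE service account may call AAI,
# and only on the read path; any other workload in the mesh, even with a valid
# mesh certificate, is denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: aai-allow-dcae
  namespace: onap
spec:
  selector:
    matchLabels:
      app: aai
  action: ALLOW
  rules:
    - from:
        - source:
            principals: ["cluster.local/ns/onap/sa/dcae"]
      to:
        - operation:
            methods: ["GET"]
            paths: ["/aai/*"]
```

Two checks a practitioner would run after applying this: `istioctl experimental authz check <aai-pod>` lists the policies the sidecar has actually loaded for the workload, and a plain `curl http://aai.onap:8080/aai/...` from a pod without a sidecar must fail once STRICT mode is in place. The basic-auth block also has to be deleted from the chart, not merely ignored: as long as it ships, clients keep sending the static credential and it stays discoverable in configuration.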

Summary: CPS Road to gold

Description: Tony prepared his part of the deck for a common presentation and shared it with Lee Anjella, who provided some input as well.

Status: ongoing

Solution:

Tony will join the next TSC meeting and share the SECCOM recommendation for 2FA.

To be reviewed. Amy will contact Jess.

Summary: OJSI list of people

Description: We started with Amy reviewing the list. In fact there are two lists: one for OJSI updates and the other for vulnerability disclosure. Clarification with Jess of access to the OJSI Jira process is ongoing.

Status: ongoing

Summary: LF IT CI/CD security review

Description: Muddasar is not getting support for the ticket opened a month ago:

IT-25429 Review of ONAP CI Threat Model and Security Controls

Solution: Pawel to check with Sandra at Wednesday's meeting.

Summary: DTF virtual event

Description:

Presentation given by Pawel and the SECCOM team to share the security goals for the Montreal release and the latest achievements/news.

Tony participated in the Road to gold presentation by CPS.

APIs in ONAP shall be well catalogued, and the standards around those APIs well secured (TLS communication etc.).

We are still looking at infrastructure-as-code and not yet at data-as-code.

Bob participates in Working Group 11.

The user side is missing or insufficient, while product security is better covered.

Status: done

Solution: Byung to share SECCOM kudos with the CPS team for their great work on CPS security.

Summary: CPS Road to gold

Description: CPS PoC under preparation; Jess is configuring 2FA for committers. Done.

Summary: OJSI list

Description: Communication with Jess about the OJSI list.




Summary: Logging PoC

Jira No: -

Description:

https://wiki.onap.org/pages/viewpage.action?pageId=177078278

We hope ONAP consumers will benefit from the efforts and take some next steps.

Status: stopped

Summary: 5 Years security questionnaire for Policy project

Description: display/DW/PF+-+ONAP+Security+Review+Questionnaire

Status: started

Solution: Pawel to check with Liam whether the work is completed on the Policy project side. DONE

Summary: Security review in ARCCOM

Description: For the ONAP architecture review, security is part of the template.


Summary: PTL meeting (June 12th)

Description:

Presentation on the new Global Requirement: Use Native Service Mesh Authentication and Authorization for Intra-ONAP Communication

  • Meeting with the Infosys team to be organized

Gerrit upgrade planned by Kevin right after the RC milestone (after the TSC meeting on Thursday).

Solution: Pawel to invite the Infosys (Gnanapriya) team to the OOM meeting. Andreas to be informed. DONE

Summary: TSC meeting (June 1st)

Description: Intro provided for the new Global Requirement.




Summary: Badging Dashboard

Description:

Projects in unmaintained status still have an active badging questionnaire.

David was asked to help mark the questionnaires as unmaintained; Tony organized a meeting with David to show what needs to be done.




Summary: DTF event and SECCOM presentation

Description:

Slide deck to be prepared by Pawel as the SECCOM voice towards the ONAP community.

A slide on package upgrades to be added, as well as the security template in the architecture review template.

Status: started

Summary: Latest weekly scans

Description:

Marek was able to initiate the latest run of scans.

Results are progressing; cassandra and zk-tunnel-svc need further investigation.

Marek does not know which project uses zk-tunnel-svc; it is not in Jenkins.

A question was raised on onap-discuss, but there has been no feedback so far.

Robert Heinemann: No references to "zk-tunnel-svc" were found in:

- https://nexus-iq.wl.linuxfoundation.org/assets/index.html#/dashboard/

- https://nexus.onap.org/

- https://nexus3.onap.org/

Status: ongoing

Summary: PTL meeting (May 29th)

Description: Cancelled due to a public holiday in the USA.

Summary: TSC meeting (May 25th)

Description:

Tony presented the SECCOM recommendation, which was accepted by the TSC; we proceed with the CPS PoC for 2FA!!!

Bob will try to review the Gerrit logs.


SECCOM MEETING CALL WILL BE HELD ON 13th 20th JUNE 2023.







Recordings: 

2023-06-13_SECCOM_week.mp4

SECCOM presentation:

2023-06-13 ONAP Security Meeting - AgendaAndMinutes.pptx